Quform Mailchimp Security & Risk Analysis

wordpress.org/plugins/quform-mailchimp

Easily add contacts to Mailchimp from Quform forms.

900 active installs · v1.3.1 · PHP 5.2.4+ · WP 4.6+ · Updated Dec 1, 2025

Tags: email-marketing, form-builder, forms, mailchimp, quform

Security score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Quform Mailchimp Safe to Use in 2026?

Generally Safe

Score 100/100

Quform Mailchimp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4 months ago
Risk Assessment

The "quform-mailchimp" plugin, in version 1.3.1, exhibits a concerning security posture due to a significant number of unprotected AJAX handlers, representing its entire attack surface. While the code demonstrates good practices in other areas, such as a high percentage of prepared SQL statements and properly escaped output, the lack of authentication checks on these AJAX endpoints is a critical vulnerability. This means any unauthenticated user could potentially interact with these handlers, leading to unintended actions or information disclosure.

Taint analysis revealed one flow with unsanitized paths, though it was not flagged as critical or high severity. This suggests a potential, albeit minor, risk of path traversal or file system manipulation if combined with other factors. The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator of the developers' past diligence in securing the plugin. However, the current static analysis findings, particularly the unprotected AJAX handlers, overshadow this historical strength and present a clear and immediate risk.

In conclusion, while the plugin shows strengths in areas like SQL prepared statements and output escaping, the unprotected AJAX handlers are a major weakness. The presence of an unsanitized path flow, even if not high severity, adds to the potential attack surface. The absence of historical vulnerabilities is commendable, but it does not mitigate the current risks identified. Users of this plugin should be aware of the potential for unauthenticated actions via its AJAX endpoints.

Key Concerns

  • Large attack surface without auth checks
  • Flow with unsanitized paths
Vulnerabilities
None known

Quform Mailchimp Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Quform Mailchimp Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (16 prepared)
Unescaped Output: 20 (120 escaped)
Nonce Checks: 12
Capability Checks: 32
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

89% prepared · 18 total queries

Output Escaping

86% escaped · 140 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths

Flow: search_box (library\Quform\Mailchimp\Integration\List\Table.php:452)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
11 unprotected

Quform Mailchimp Attack Surface

Entry Points: 11
Unprotected: 11

AJAX Handlers (11)

Auth   Hook                                                 Location
auth   wp_ajax_quform_mc_save_integrations_table_settings   library\Quform\Mailchimp\Dispatcher.php:33
auth   wp_ajax_quform_mc_add_integration                    library\Quform\Mailchimp\Dispatcher.php:34
auth   wp_ajax_quform_mc_save_integration                   library\Quform\Mailchimp\Dispatcher.php:35
auth   wp_ajax_quform_mc_get_lists                          library\Quform\Mailchimp\Dispatcher.php:36
auth   wp_ajax_quform_mc_get_form_email_elements            library\Quform\Mailchimp\Dispatcher.php:37
auth   wp_ajax_quform_mc_get_merge_fields                   library\Quform\Mailchimp\Dispatcher.php:38
auth   wp_ajax_quform_mc_get_groups                         library\Quform\Mailchimp\Dispatcher.php:39
auth   wp_ajax_quform_mc_get_logic_sources                  library\Quform\Mailchimp\Dispatcher.php:40
auth   wp_ajax_quform_mc_verify_api_key                     library\Quform\Mailchimp\Dispatcher.php:43
auth   wp_ajax_quform_mc_save_settings                      library\Quform\Mailchimp\Dispatcher.php:44
auth   wp_ajax_quform_mc_uninstall_plugin                   library\Quform\Mailchimp\Dispatcher.php:45

WordPress Hooks (13)

Type     Hook                                Location
filter   removable_query_args                library\Quform\Mailchimp\Admin\Page\Integrations\List.php:109
action   admin_notices                       library\Quform\Mailchimp\Dispatcher.php:14
action   init                                library\Quform\Mailchimp\Dispatcher.php:18
filter   quform_post_process                 library\Quform\Mailchimp\Dispatcher.php:20
action   quform_admin_menu                   library\Quform\Mailchimp\Dispatcher.php:24
action   quform_admin_menu_icon_color        library\Quform\Mailchimp\Dispatcher.php:25
action   current_screen                      library\Quform\Mailchimp\Dispatcher.php:26
filter   admin_title                         library\Quform\Mailchimp\Dispatcher.php:27
filter   admin_body_class                    library\Quform\Mailchimp\Dispatcher.php:28
action   admin_enqueue_scripts               library\Quform\Mailchimp\Dispatcher.php:29
filter   quform_mailchimp_mdi_icon_prefix    library\Quform\Mailchimp\Dispatcher.php:30
action   quform_container_setup              quform-mailchimp.php:28
action   quform_bootstrap                    quform-mailchimp.php:29
Maintenance & Trust

Quform Mailchimp Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 1, 2025
PHP min version: 5.2.4
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 900
Developer Profile

Quform Mailchimp Developer Profile

ThemeCatcher

3 plugins · 3K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Quform Mailchimp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quform-mailchimp/library/css/admin.min.css
/wp-content/plugins/quform-mailchimp/library/js/integrations.edit.min.js

Script Paths
/wp-content/plugins/quform-mailchimp/library/js/integrations.edit.min.js

Version Parameters
quform-mailchimp/library/css/admin.min.css?ver=
quform-mailchimp/library/js/integrations.edit.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
qfb-mdi
Data Attributes
data-quform-mailchimp-integration-id
JS Globals
quformMailchimpIntegrationsEditL10n
FAQ

Frequently Asked Questions about Quform Mailchimp